Escaping single quotes in text...

[Jim R]

I have a paragraph in a text in my data table column with apostrophes and heights, like, "He'll likely grow beyond 6'6"."

 

I've tried addslashes($update), but it's not working.  (At another time I thought I had something like that.)

Is there something that will take care of it short of typing \ before every instance I use quotes, the using stripslash?

[ginerjm]

You could use str_replace I suppose.  Test it out.  That's what I would have done before writing here.

And what is wrong with addslashes?  What is it NOT doing?

 

Edited April 5, 2020 by ginerjm

[Jim R]

What am I replacing though?  

I searched a good amount on this topic, as addslash wasn't working.  Adding \ to the text then stripping it looks to be a work around.  I just thought there was a better way without forcing those doing the inputting to the table to add them.  It's not very native.  

 

str_replace("'","'",$update) - didn't work.  Neither did...

str_replace("'","\'",$update)

Edited April 5, 2020 by Jim R

[ginerjm]

What didn't addslashes do?  Please elaborate since "wasn't working" doesn't say shit.

And as for using str_replace - is that your EXACT code?

[Jim R]

The addslashes didn't escape the single quotation marks in text (the subject of the topic).  

The exact code is 

echo str_replace("'","\'",$update); 

 

[ginerjm]

If you read the manual you'll see that you need to supply a result argument for the changed string.

[ginerjm]

PS - using addslashes is hard to verify since they don't show up visually.  If you are doing this to add to a db go ahead and do it and then see if the data is completely returned in a query result.

[Jim R]

Turns out part of the problem using an iPad to enter that specific data to the table.  Not sure why there is a difference in using ' and " on an iPad vs. a Mac, but there is.  So I changed out all the single and double quotes (very early in this process, so it's not too big of an issue at the moment), then added this line...

 

$update = mysqli_real_escape_string($con,$row['review']);
 

Then stripslash($update) when I needed output. 

[ginerjm]

Probably a different character set.  YOu may need to do a type conversion for all the input from the ipad if it doesn't match your db set.

[Jim R]

Yeah, I forgot it does that because when I use Textastic for code, it has separate keys for quotes and double quotes.  

I'll likely be the only one using an iPad to input data in my group, so that should be easy enough going forward. 

[ginerjm]

CAn you alter the char set on an ipad?

[Barand]

PMFJI, but I ran a simple test

Text entered in form

Text then stored in db table, retrieved then echoed to page

No escaping, adding or stripping slashes required. Just use a prepared statement. EG

<?php
include 'db_inc.php';
$db = pdoConnect('timeclock');

$db->exec("DROP TABLE IF EXISTS test_jimr");
$db->exec("CREATE TABLE IF NOT EXISTS test_jimr ( quotation varchar(50) )");
$txt = '';


if ($_SERVER['REQUEST_METHOD']=='POST') {
    
    $res = $db->prepare("INSERT INTO test_jimr VALUES (?)");
    $res->execute( [ $_POST['quote'] ] );
    
    // retrieve it and display it
    
    $res = $db->query("SELECT quotation 
                       FROM test_jimr
                       LIMIT 1 
                      ");
    $txt = "<p>" . $res->fetchColumn() . "</p>\n";
}
?>
<!DOCTYE html>
<html>
<head>
<meta http-equiv="content-language" content="en">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Example</title>
</head>
<body>
<h1>Example</h1>
<form method="post">
    Text: <input type="text" name="quote" size="40" value="">
    <input type="submit" name="btnSum" value="Submit">
</form>
<br>
<hr>
<br>
         <?=$txt?>
</body>
</html>

 

Edited April 5, 2020 by Barand